Allocating data based on hardware faults

ABSTRACT

A data storage service receives a request to store data into a data storage system that consists of many physical data storage locations, each location having various physical characteristics. The data storage service determines a proper location for the data based on data placement rules applied to the physical data storage locations such that a set of proper locations is identified. The data storage service can place the data according to data placement rules.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.13/895,237, filed on May 15, 2013, entitled, “ALLOCATING DATA BASED ONHARDWARE FAULTS,” the contents of which are incorporated by referenceherein in its entirety. This application is also subject matter relatedto U.S. patent application Ser. No. 13/895,205, filed on May 15, 2013,now U.S. Pat. No. 9,378,075 entitled, “REDUCING INTERFERENCE THROUGHCONTROLLED DATA ACCESS,” the contents of which are incorporated byreference herein in its entirety.

BACKGROUND

Data storage systems have evolved and continue to evolve to keep up withthe demands of organizations that use them. Many organizations, forexample, utilize data storage systems for, among other reasons, thepurpose of data archiving, redundancy, and storage of large amounts ofdata. Despite their many advantages, modern data storage systems containinherent risks that are borne by the data storage system provider andthe organizations that utilize them. For example, despite best effortsto avoid it, data storage systems often include components that can besusceptible to overheating and/or fatigue damage resulting fromvibrations in the system caused by various moving parts, such asspinning magnetic media. Consequently, data that is contained in thedata storage systems may be susceptible to corruption or loss.Adequately addressing these risks, such as through adequate redundantstorage of data, presents additional costs to the organizations thatrely on the data storage systems and to the service provider.

BRIEF DESCRIPTION OF THE DRAWINGS

Various embodiments in accordance with the present disclosure will bedescribed with reference to the drawings, in which:

FIG. 1 shows an illustrative example of an environment in which variousembodiments can be practiced;

FIG. 2 shows an illustrative example of an environment in which variousembodiments can be practiced;

FIG. 3 shows an illustrative example of a process for storing data inaccordance with at least one embodiment;

FIG. 4 shows an illustrative example of a data storage system rackcontaining a plurality of multiple storage device units such as “just abunch of disks” units (JBODs);

FIG. 5 shows an illustrative example of a multiple storage device unitsuch as a JBOD that may be contained within a data storage rack;

FIG. 6 shows an illustrative example of a facility that may host a datastorage system;

FIG. 7 shows an illustrative example of a process for storing a dataobject in accordance with at least one embodiment;

FIG. 8 shows an illustrative example of a process for tracking hardwarefailures in a data storage system in accordance with at least oneembodiment;

FIG. 9 shows an illustrative example of a process for placing dataobject fragments into data storage in accordance with at least oneembodiment;

FIG. 10 shows an illustrative example of a process for retrieving a dataobject from data storage in accordance with at least one embodiment;

FIG. 11 shows an illustrative example of a process for placing dataobject fragments into data storage in accordance with at least oneembodiment; and

FIG. 12 shows an illustrative example of an environment in which variousembodiments may be practiced.

DETAILED DESCRIPTION

In the following description, various embodiments will be described. Forpurposes of explanation, specific configurations and details are setforth in order to provide a thorough understanding of the embodiments.However, it will also be apparent to one skilled in the art that theembodiments may be practiced without the specific details. Furthermore,well-known features may be omitted or simplified in order not to obscurethe embodiment being described.

Techniques described and suggested herein relate to the storage andaccess of data while minimizing the risk of data loss or corruption. Inan embodiment, an entity (e.g., an organization) contacts the service,such as through appropriately configured application programminginterface (API) calls to the service, to request archival of or accessto a data object (e.g., retrieval of the data object). In an embodiment,the entity is a customer of a computing resource service provider thatoperates the data storage service. Upon receipt of the request, theservice provider may receive the data object from the customer and,through the use of a redundancy encoding algorithm, convert the objectinto various fragments for storage in the system. The algorithm may be,for example, one in which the data object is divided into redundantfragments such that only a few fragments are needed to recompile theobject. Example algorithms include those which utilize erasure codes totransform a sequence of bits to multiple sequences of bits that arecollectively larger than the sequence of bits such that a proper subsetof the multiple sequences of bits are suitable for reconstructing thesequence of bits.

In various embodiments, a data storage system is facilitated by usingvarious network racks. These racks contain a variety of multiple storagedevice units, such as JBODs, that in turn may consist of a variety ofstorage devices, such as storage devices that utilize spinning magneticmedia (e.g., platters), magnetic tape storage devices or solid statedrives (SSD). These storage devices may be susceptible to failure due tothe operational environment. For instance, in the case of storagedevices that utilize spinning magnetic media, each storage devicecreates vibrations that may affect other storage devices in closeproximity. This type of vibration may lead to a head crash (e.g., theread/write heads on the storage device arms come in contact with therotating platters, physically damaging one or more platters) and dataloss. Storage devices are also prone to overheating which may reduce theuseful life of the storage device itself. A service provider may haveinformation regarding the failure modes in the data storage system and,using this information, may attempt to mitigate the risk of damage anddata loss. It is important to note that these failure modes are notnecessarily modes that are known to cause failure but may be modes that,if they were to cause failure, would impair data durability. Forexample, a computer resource service provider may not have informationto determine if there is a significant risk of data loss if data iswritten to the same platter in different storage devices, but theservice provider may want to avoid this situation due to the potentialdamage resulting from a failure.

In various embodiments, the service provider determines placement of thefragments in the data storage system in a manner that will reduce therisk of data loss due to hardware failure. A placement may indicate aphysical location in a data storage system. The physical location may beas specific as the service provider is able to control. For example, aplacement may, for each fragment of a plurality of fragments, indicateor otherwise correspond to one or more physical characteristics of alocation for the fragment such as a geographic region, a data center,data center room, rack, rack unit (e.g., multiple storage device unitwithin a rack) and/or storage device which the fragment is to be stored.In some embodiments, the service provider has even greater granularcontrol over data placement and, as such, a placement may, for eachfragment of a plurality of fragments, indicate or otherwise correspondto physical characteristics for a location such as a platter in astorage device with spinning magnetic media (platters), a side of aplatter, an annular region on a platter, a location on a platteraccessible by a particular head of a storage device and/or otherphysical locations. The service provider may have specific rules setforth in a placement engine that is configured to make placementdecisions to mitigate such loss. For example, a service provider may usea hardware failure in the data storage system to update the rulesincorporated into the placement engine to avoid repeating this and otherfailure modes.

In some examples, the placement engine receives a request to placefragments of the data object into the data storage system. After theplacement engine has determined the location of the first fragment, theengine may select the data storage location of the next fragment basedon a variety of rules set forth by the service provider in order tomitigate the risk of data loss. For example, if the selected location ofa subsequent fragment does not satisfy the rules set forth in theengine, it will continue to re-select a location for that fragment untila proper location is identified. At that point, the placement enginewill move on to the next fragment or, if there are no fragments left toanalyze, place all the fragments into the data storage system.

In various circumstances, a data storage system may simultaneouslyprocess numerous requests from numerous customers or generally mayaccess data storage devices for other reasons (e.g., garbage collection)during request processing. As a result, storage devices within the datastorage system that store data that is at least partially responsive toa request may be operating when the request is made by a customer toeither access or archive a data object. As stated above, a storagedevice can create vibrations and may be susceptible to overheating.Thus, in various embodiments, a service provider mitigates the risk ofdata loss by, for instance, preventing access to specific storagedevices during the archival or retrieval process through the use ofrules in the placement engine. For example, if the placement engine hasestablished that a fragment is to be stored in a specific storage devicebut an adjacent storage device is in use, the engine may determine thelocation of any other fragments prior to placing the fragments in datastorage. In the instance of data retrieval, the data storage system mayperform a similar operation as noted above but instead may opt to obtainonly the necessary fragments required to recompile the data object. Insome embodiments, read, write and/or delete operations may be delayeduntil a state of the data storage system is such that the read, writeand/or delete operations are permitted to be performed to lower the riskof failure. For example, if data is to be written to, read from ordeleted from a particular storage device, writing, reading or deletingthe data may be delayed until any adjacent storage devices are idle.

In this manner, data in a data storage system is less susceptible toloss due to hardware failures within the system. In addition, thetechniques described and suggested herein facilitate additionaltechnical advantages. For example, because, in some embodiments, accessto certain storage devices may be restricted based on the operatingenvironment at any given time, the hardware contained within the datastorage system is less prone to fatigue damage and thus may reducemaintenance costs for the service provider. This, in turn, may lead to areduction in cost for the customer. Additional uses are also enabled bythe various techniques described herein.

FIG. 1 shows an illustrative example of an environment 100 in whichvarious embodiments may be practiced. In the environment 100, a customer102 transmits a data object 104 (e.g., this may include files composedof one or more bits such as, but not limited to, executable programs,drawings and text documents) to a computing resource service providerfor storage in a data storage system. Customers and computing resourceservice providers may be organizational entities, such as corporationsor other organizations. It should be noted that, while the presentdisclosure discusses customers communicating with computing resourceservice providers, unless otherwise clear from context, suchcommunications may occur via devices (e.g., computer systems) operatedby and/or on behalf of the organizations using one or more communicationprotocols, such as those noted below.

The data object 104 is processed through a redundancy encoding engine106. The redundancy encoding engine 106 may utilize one or morealgorithms to convert the data object provided by the customer 102 intonumerous data fragments 108. The data storage system may maintain adatabase that associates an identifier of the parent data object 104with the data storage locations of the data fragments 108. Additionally,the data fragments 108 may be encoded for tracking within the system.For example, a data fragment 108 may be encoded with the name of theparent data object 104 and the number of fragments required to recompilethe data object at a later time.

Subsequently, as illustrated in FIG. 1, the data fragments 108 areprocessed through a placement engine 110 which determines the locationfor each data fragment 108 in the data storage system. A placementengine 110 may be a computer system or component of a computer systemthat is configured to apply a set of rules to place data fragments 108into storage devices (e.g., drives) 112 in the data storage system. Theplacement engine 110 may use a variety of rules specified by the serviceprovider to determine proper location. Once the location for each datafragment 108 has been specified, the data fragments 108 are transferredto corresponding storage devices 112 for storage.

The storage devices 112 may consist of spinning magnetic media, magnetictape drives, SSD or any other form of data storage device. The datafragments 108 may reside in these storage devices 112 until such timethe customer 102 provides a request to the service provider to modifythe data object 104. For example, a customer 102 may request that thedata object 104 be deleted, replaced or overwritten. In such aninstance, the service provider would access the storage devices 112containing the data fragments 108 and comply with the customer request.

FIG. 2 shows an illustrated example of an environment 200 in whichvarious embodiments of the present disclosure may be practiced. Theenvironment 200 illustrated in FIG. 2 may include components such asthose described above in connection with FIG. 1. For example, theenvironment 200 in FIG. 2 includes a customer 202 and a computingresource service provider 206. The customer 202 and computing resourceservice provider 206 may be configured such as described above inconnection with FIG. 1. As illustrated in FIG. 2, the customer 202 maycommunicate with the computing resource service provider 206 through oneor more communications networks, such as the Internet 204. Somecommunications from the customer 202 to the computing resource serviceprovider 206 may cause the computing resource service provider 206 tooperate in accordance with various techniques described herein orvariations thereof.

As noted above, a computing resource service provider 206 may providevarious computing resource services to its customers 202. For instance,in this particular illustrative example, the computing resource serviceprovider 206 provides, in addition to the data storage service 208, oneor more other services 210, such as virtual computer system services,database services, and/or one or more other types of data storageservices to the customer 202. These additional services 210 may beprovided in addition to or as an alternative to services explicitlydescribed herein.

The data storage service 208, in various embodiments, comprises acollection of computing resources that collectively operate to storedata for customers. The data stored by the data storage service 208 maybe organized into data objects. The data objects may have arbitrarysizes except, perhaps, for certain constraints on size. Thus, the datastorage service 208 may store numerous data objects of varying sizes.The data storage service 208 may operate as a key value store thatassociates data objects with identifiers of the data objects. Theidentifiers of the data objects which may be used by the customer 202 toretrieve or perform other operations in connection with the data objectsstored by the data storage service 208. Access to the data storageservice 208 may be through appropriately configured API calls, such asweb service calls to one or more web servers of the data storage service208.

FIG. 3 shows an illustrated example of an environment 300 in whichvarious embodiments of which the present disclosure may be practiced.The environment 300 may be a portion of the environment 200 discussedabove. In the environment 300, a data object received from a customer302 may be processed using a redundancy encoding engine 304 that mayutilize a redundancy encoding scheme to divide the data object intosmaller data fragments. An example of a process that a redundancyencoding engine 304 may use is erasure coding. Through erasure coding, adata object consisting of various bits of information is reduced intosmaller data fragments. Each data fragment may contain more than itsproportional share of data such that the combination of data in all datafragments may be greater than that of the parent data object. Thus, notall data fragments are required to recompile the parent data object.While erasure coding is used extensively throughout the presentdisclosure for the purpose of illustration, the scope of the presentdisclosure is not necessarily limited to the processes explicitly notedherein.

In various embodiments of the data storage service 300 includes aplacement engine 306. The placement engine 306, as illustrated here andas in FIG. 1, may be a computer system or component of a computer systemthat is configured to apply a set of rules to place data fragments intovarious locations within the data storage system. Generally, datastorage locations within a data storage system may have correspondingphysical characteristics. For instance, a location may be defined as ona particular storage device 308, in a particular multiple storage deviceunit (e.g., JBOD), in a particular data storage system rack, in aparticular data center room, in a particular data center or in aparticular data center geographical location. Additionally, a locationmay be defined within a storage device 308. For example, a location maybe defined as on a particular platter within a storage device 308 ormultiple storage devices, on a particular side of the platter, in aparticular region of the platter (e.g., inner annular region or outerannular region), in a particular region within a storage device 308accessible by a certain head, or in a particular cache in the case of ahybrid storage device.

Rules may be configured to enforce conditions for heterogeneity for thefragments among one or more physical characteristics. For instance, arule may prohibit the placement of two or more data fragments on thesame storage device platter, on the same multiple storage device unit,on the same data storage rack, or in the same data center. Thus, forexample, a rule that may be included in the placement engine 306methodology is one that may prevent two or more data fragments frombeing placed in a single storage device 308.

Rules may also be more complex in nature. For instance, a rule mayinclude allowing only k of n data fragments to share the sameprobability of loss or corruption, where k and n are positive integers.Thus, n-k (n minus k) data fragments may need to have a lowerprobability of loss or corruption, possibly ensuring recoverability ofthe parent data object. Another example of a more complex rule is onethat may prohibit k of n fragments from being stored on the sameplatter, but on different storage devices. For instance, the rule maystate that only two fragments can be stored on platter No. 2 of anystorage device. Thus, storing one fragment on platter No. 2 of storagedevice A, one fragment on platter No. 2 of storage device B, and onefragment on platter No. 2 of storage device C would violate the rule.Accordingly, the placement engine 306 may place the data fragments intothe corresponding storage devices 308. Additionally, the placementengine 306 may transmit additional information to a database 310. Thedatabase 310 may include, for example, information relating to theparent data object and the location of each data fragment in the storagedevices 308. If a customer 302 requests access to a data object throughthe data storage service 300, the database 310 may serve as a directoryfor the relevant information necessary to obtain such access.

FIG. 4 shows an illustrative example of an environment 400 in which adata storage rack 402 is used to contain various data objects inaccordance with various embodiments. The environment 400 illustrated inFIG. 4 may serve as part of the data storage system described above. Thedata storage rack 402 consists of one or more multiple storage deviceunits, such as multiple storage device units 404, each containing one ormore storage devices 406. As noted above, storage devices 406 may besusceptible to failure due to the operational environment. Theenvironment 400 illustrated in FIG. 4 and variations thereof may besubject to, for example, overheating and excess vibration that maydamage the storage devices 406.

In the environment 400 illustrated in FIG. 4, a fan 408 is used toprovide airflow and thus, a method of cooling the data storage rack 402.Accordingly, the fan 408 serves to prevent overheating in the multiplestorage device units 404 and the storage devices 406 contained therein.However, since the fan 408 may be located underneath the data storagerack 402, the temperature within the multiple storage device units 404may increase in relation to the distance away from the fan 408. Thus, inthis example, the storage devices 406 within the data storage rack 402furthest away from the fan 408 may be more susceptible to damage.

The environment 400 may also include other components necessary foroperation of the data storage rack 402. For example, a data storage rack402 may also contain a power supply, a switch located at the top of thedata storage rack 402, and servers in the event that a computer resourceservice provider employee may need to access the data storage system. Itis to be noted that the scope of the present disclosure is notnecessarily limited to the data storage rack configurations explicitlynoted herein.

As discussed above, a data storage rack consists of one or more multiplestorage device units. FIG. 5 shows an illustrative example of a multiplestorage device unit 500 that may be incorporated into a data storagerack as illustrated in FIG. 4. As illustrated, a multiple storage deviceunit 500 may consist of an enclosure 502 containing one or more storagedevices arranged in an array. In this example, the storage devicesenclosed in the multiple storage device unit 500 are arranged in threerows, each containing four storage devices for a total of twelve storagedevices in the enclosure 502. However, multiple storage device units 500may consist of any number of storage devices and may be arranged invarying ways. For example, a multiple storage device unit 500 maycomprise rows of storage devices (oriented horizontally and/orvertically) that are deeper into the multiple storage device unit 500,giving each storage device a three-dimensional position within themultiple storage device unit 500. Additionally, some storage devices maybe otherwise oriented within the multiple storage device unit (e.g.,askew or placed diagonally).

FIG. 6 shows an illustrative example of an environment 600 in which adata storage service may physically reside. As noted above, a datastorage rack 602 may consist of one or more multiple storage deviceunits. These multiple storage device units may contain one or morestorage devices arranged in various configurations. In the environment600, the data storage racks 602 may be maintained in an edificecontaining one or more data centers 604. These data centers 604 may bemaintained by one or more of the computing resource service provideremployees. Thus, the data center may have additional offices 606 inorder to support various employee tasks.

In the event of a hardware failure, employees at the facility may beable to examine the root cause of the failure and may catalog thisinformation. This may enable the employees to update the rulesimplemented in the placement engine in order to prevent one or morefailure modes, as noted above.

FIG. 7 shows an illustrative example of a process 700 for storing a dataobject in accordance with various embodiments. The process 700illustrated in FIG. 7 and variations thereof may be performed by anysuitable system, including a system that may utilize a redundancyencoding engine to convert a data object into numerous data fragments, aplacement engine that may include a set of rules for placing the datafragments into the data storage system and a series of storage deviceswhere the data fragments may be stored as illustrated in FIG. 3. In anembodiment the process 700 includes receiving 702 a data object from acustomer for storage in the data storage system. The data object may bereceived in any suitable manner. For example, as noted above, a customermay access the data storage service through one or more communicationsnetworks, such as the Internet. Accordingly, the request to store a dataobject may be received as an appropriately configured web servicerequest or other API call.

Upon receipt 702 of the data object from the customer, the process 700may include applying a redundancy encoding scheme 704 to convert theparent data object into numerous data fragments for storage. Theencoding scheme may include, for example, erasure coding as noted abovesuch that not all data fragments are necessary to recompile the parentdata object in the future. Again, while erasure coding is usedextensively throughout the present disclosure for the purpose ofillustration, the scope of the present disclosure is not necessarilylimited to the processes explicitly noted herein.

Once the parent data object has been reduced into smaller datafragments, the process 700 may include determining the placement 706 ofthe various data fragments. As noted above, in various embodiments, theplacement of data fragments into the data storage system may be madeusing a placement engine. Accordingly, the computing resource serviceprovider may incorporate various rules, such as rules to enforceheterogeneity as described above, into the placement engine such that,for example, the data fragments are catalogued in a database andassigned a data storage location within the data storage system.Additionally, as discussed below, the placement engine may be updatedbased on the detection of failures within the data storage system suchthat the placement of the data fragments minimizes the risk of data lossor corruption.

Once the placement engine has determined the location for each datafragment, the process 700 may place the fragments 708 into a datastorage location within the data storage system. The data fragments maybe written to storage devices for storage. As noted above, the storagedevices may consist of spinning magnetic media, magnetic tape storagedevices, SSD, or any other form of data storage device. While each typeof storage device may be susceptible to various failure modes, theplacement of the fragments 708 may be made to mitigate the risk offailure.

In addition, various additional operations may be performed inconnection with the process 700 illustrated in FIG. 7. As noted below,for example, the data storage system may obtain the current environmentwhere a data fragment is to be stored and delay access to thecorresponding storage device until it is permitted to do so.Additionally, the data storage system may encrypt the data objectobtained from the customer or the data fragments generated by theredundancy encoding engine as illustrated in FIG. 3. Accordingly, theprocess 700 may, in various embodiments, include performing suchoperations.

As noted above, the placement engine may be used to determine the properplacement of data fragments in the data storage system. The rulesgoverning the proper placement of the data fragments may be determinedby, for example, the computer resource service provider employees,through repeated iterations of the process illustrated in FIG. 3, or anexternal condition, such as a hardware failure. In some embodiments,customers of a computing resource service provider are provided theability, such as through a web services or other interface, to provideplacement conditions that are used by the computing resource serviceprovider to generate rules for a placement engine. The conditions fordata placement may include conditions discussed above. The conditionsmay be specified by the customers explicitly (e.g., by specifying therules themselves) or implicitly, such as by selecting one of severalredundancy levels, each level corresponding to a set of placement rules.Charges to customers may vary based at least in part on the dataplacement rules, if any, that the customers specify.

FIG. 8 shows an illustrative example of a process 800 for trackinghardware failures in a data storage system in accordance with at leastone embodiment. The process 800 illustrated in FIG. 8 and variationsthereof may be performed by any suitable system, including one that mayutilize a placement engine to determine where data fragments should bestored. In the process 800, the data storage system may detect 802 afailure within the system. For example, if there is a storage devicefailure within a multiple storage device unit, a signal may be sent tothe data storage system and to the computer resource service provideremployees notifying them of the failure. Failures may be detected basedon Self-Monitoring Analysis and Reporting Technology (SMART) built intostorage devices within the multiple storage device unit. Additionally, asignal may be sent if there is a more serious fault in the data storagesystem, such as a power supply failure or ventilation failure within adata storage rack or a catastrophic power failure within the data centerfacility.

Upon determining the severity and impact of the detected failure, thedata storage system or a computer resource service provider employee mayrecord the particular failure mode, for example, in a log that containsa historical record of all previous faults in the data storage system.Accordingly, this log may be used to update 804 the failure statisticsof the data storage system. One purpose for updating 804 the failurestatistics is to, for example, obtain the likelihood of future hardwarefaults within the data storage system. This may serve one or morefunctions. For instance, if a server fan generates vibrations that maydecrease the service life of specific storage devices or may causeintermittent failures in those storage devices; this information may beof value to a computer resource service provider such that the providermay seek to limit the use of these specific storage devices.Additionally, if a power supply within a data service rack is producingheat that may exceed the tolerance of certain multiple storage deviceunit components, such as wiring bundles or internal storage devices,resulting in different failure modes, a computer resource serviceprovider may seek to limit access to that specific multiple storagedevice unit or limit the amount of data that is stored in the dataservice rack.

With sufficient information obtained through updating 804 the failurestatistics, a computer resource service provider employee or the datastorage system, through one or more algorithms, may update 806 theplacement engine. An update 806 to the placement engine may include amodification or implementation of a new rule that may be used todetermine the placement of one or more data fragments within the datastorage system, as illustrated in FIGS. 1 and 3. For example, a new rulemay be implemented that prevents multiple data fragments with the sameparent data object from being stored in, for instance, the same storagedevice platter or storage device. Additionally, this rule may includecorollaries such that no two or more data fragments are, for example,stored in the same data storage rack, in the same room of a data center,in the same data center, or in the same geographical designation.

The rules that may be implemented as noted above may not be static. Forexample, if the data storage system detects 802 an additional hardwarefailure, the process 800 may iterate, which may result in furtherupdates 804 to the failure statistics. Thus, the placement engine may beupdated 806 at any time based on the frequency of hardware failures inthe data storage system.

FIG. 9 is an illustrative example of process 900 for storing a dataobject in accordance with at least one embodiment. As noted above, adata object may be converted into numerous data fragments using aredundancy encoding engine, such as the one illustrated in FIG. 3. It isat this point that the process 900 may receive 902 a request to placethe data fragments of the parent data object into the data storagesystem. At this point, a placement engine, such as the one illustratedin FIG. 3, may select the location of the first segment 904. Theselection of the location of the first segment 904 may be independent ofany known hardware failure modes within the data storage system and maybe independent of the placement of other data fragments with the sameparent data object. However, rules may be implemented within theplacement engine that may make it necessary for the first segment to bestored in a specific location.

Once the first data fragment location has been selected 904, the process900 may include selecting a location for the next data fragment 906.Given the location of the first data segment, a placement engine mayexamine 908 a location for the next data fragment based on theimplemented rules, such as those noted above, contained therein. If theselected location does not satisfy the rules implemented in theplacement engine, the data storage system may select a new data storagelocation 910 for the current data fragment. For example, if theplacement engine has determined that the first data fragment is to bestored in multiple storage device unit X and a rule implemented withinthe placement engine states that no two or more data fragments are to bestored in the same multiple storage device unit, the placement enginemay examine the location assigned to any subsequent data fragment andmay re-select that location if it is currently assigned to be stored inmultiple storage device unit X. If the location for the data fragmentsatisfies the rules set forth in the placement engine, the data storagesystem may evaluate 912 whether any more data fragments remain. If thereare more data fragments present requiring a location, the process 900may include determining 906 a location for said data fragment. In thisfashion, the location of each data fragment may satisfy the variousrules contained in the placement engine.

Once each data fragment has been assigned a location that satisfies allthe rules set forth in the placement engine, the process 900 may write914 all the data fragments into the data storage system. While theimplementation of rules is used extensively throughout the presentdisclosure for the purpose of illustration, the scope of the presentdisclosure is not necessarily limited to the processes explicitly notedherein. For instance, a placement engine may include, in addition torules limiting the possible locations for subsequent data fragments, aseries of algorithms that may be performed to select, based on prioriterations of process 900, a prior set of locations for the current datafragments being stored into the data system. The list of prior sets mayinclude locations used in the past that have resulted in a reduction ofthe risk of data loss or corruption.

As noted above, storage devices may be susceptible to damage resultingfrom, for example, vibrations and overheating. In the case of storagedevices that utilize spinning magnetic media, normal operation of suchstorage devices may result in vibrations that may adversely affect thesurrounding data environment. Accordingly, FIG. 10 is an illustrativeexample of a process 1000 for retrieving a data object from data storagein a manner that may reduce the risk of data loss due to adversesurrounding conditions, in accordance with at least one embodiment.

Similar to the process 900 detailed above, the process 1000 may includereceiving 1002 a request from, for example, a customer or a computingresource service provider to perform an operation that may requireaccess to a variety of storage devices. These storage devices maycontain data fragments that are associated with a parent data object.The data storage system, upon receiving 1002 a request, may refer to adatabase as noted above to determine 1004 the location of a datafragment stored in the data storage system. Once the location has beendetermined 1004, the data storage system may obtain 1006 the currentactivity state of the environment surrounding the location of thecurrent data fragment. For instance, if the current data fragment islocated in a particular storage device, the environment may include anystorage devices in spatial proximity (e.g., share a vibrationtransmission medium or a common mounting fixture) to the storage devicecontaining the current data fragment and any multiple storage deviceunits in spatial proximity to the multiple storage device unit with thetargeted storage device. Additionally, the environment may include thecurrent temperature and moisture content surrounding the targetedstorage device, as well as barometric pressure or pollutants in the air.The current activity state may refer to the operational state of anycomponents within a data storage system. For instance, for a storagedevice, the current activity state may refer to whether the storagedevice is spinning (e.g., read/write/delete access of the storage mediawithin the storage device) and at what velocity, or if it is idle. Asnoted above, a storage device that utilizes spinning magnetic media thatis in operation may generate vibrations and heat. Thus, the currentlyactivity state of a storage device may have a corresponding effect onthe surrounding environment.

The evaluation of the surrounding environment may include one or moreanalyses based on known failure modes. The severity of these failuremodes may be known to computing resource service provider through aprocess, such as the process 800 noted above, or through knownmanufacturing tolerances. For example, a manufacturer, prior to deliveryof any hardware components (e.g., storage devices, multiple storagedevice units, data storage racks) may perform tests to determine thetolerances and/or service life of these components. This may include theuse of testing devices such as a storage device embedded withinstrumentation to determine surrounding adverse conditions (e.g.,excess heat, vibrations, moisture). The manufacturer may thus obtaininformation detailing the risk of damage to any hardware component basedon the surrounding environment. This information may be transmitted tothe computing resource service provider, for example, during the sale ofhardware components to the computing resource service provider or wheninitially detected by the manufacturer. In this instance, manufacturersmay be organizational entities, such as corporations or otherorganizations.

The computing resource service provider may use statistics obtainedusing the process 800 or the information obtained from a manufacturer,as noted above, to create a set of conditions that would prevent accessto a storage device should the surrounding environment increase the riskof data loss or corruption. For example, the computing resource serviceprovider may provide a set of conditions that are based on spatialproximity to the storage device that is to be accessed. For instance, ifone or more storage devices adjacent to one with a data fragmentnecessary for access to a parent data object are currently active (e.g.,a storage device is performing one or more operations on its media), thedata storage system may deny access to the storage device containing thedata fragment until all adjacent storage devices are idle. Spatialproximity may also not be limited to adjacent storage devices. Forinstance, if, statistically, vibrations resulting from currently activestorage devices that are not adjacent to the targeted storage device,but share a vibration transmission medium with the targeted storagedevice or a common mounting fixture with the targeted storage device,would result in greater potential damage to the targeted storage device,the data storage system may also deny access to the storage devicecontaining the data fragment until these active storage devices areidle. Thus, the process 1000, using the conditions that may beimplemented by the computing resource service provider, may include adetermination 1008 of whether the storage device containing the currentdata fragment may be accessed. If access to the present storage deviceis not permitted due to an adverse surrounding condition, the datastorage system may bypass the current data fragment and determine 1004the location of the next data fragment. Otherwise, the data storagesystem may seek to determine 1010 whether all the necessary datafragments have been located and the environment is favorable forretrieval of the data fragments.

It is important to note that the conditions noted above may beimplemented in various ways. For instance, the data storage system maycontain a small script that is executed when access to a storage deviceis required. The script may examine the storage devices adjacent to thestorage device containing the necessary data fragment and generate afile containing the status of all adjacent storage devices. This file,in turn, may be processed by the data storage system consistent with theprocess 1000.

As noted above in FIG. 3, a redundancy encoding engine utilizing aredundancy encoding scheme may be used to reduce a data object intosmaller data fragments. Through erasure coding, not all data fragmentsgenerated using the redundancy encoding engine may be necessary torestore the parent data object. Accordingly, the process 1000 mayinclude evaluating 1010 whether the data storage system has thenecessary data fragments to restore the parent data object. Thisevaluation may occur every time the data storage system has determined1008 that a storage device containing a data fragment may be accessed,as noted above. If the data storage system has determined that thestorage devices containing the necessary data fragments may be accessed,the data storage system may permit access to the required storagedevices. However, if more data fragments are necessary to recreate theparent data object, the data storage system may select the next datafragment and determine 1004 the location of said data fragment withinthe data storage system.

Once determined 1010 that all data fragments necessary to recreate theparent data object have been identified and the data storage system hasdetermined 1008 that there is permission to access the storage devicesthat contain the necessary data fragments, the data storage system mayaccess 1012 the data fragments and recompile the parent data object.

As with all processes described herein, variations of the process 1000are considered as being within the scope of the present disclosure. Forinstance, as noted above, the process 1000 may include determining 1004the location of a data fragment if access to a storage device 1008 isprohibited due to an adverse condition being present. An example of avariation of the process 1000 may be one in which the data storagesystem may wait until access to a storage device is permitted prior todetermining 1004 the location of the next data fragment. Another exampleof a variation of the process 1000 may be one in which the data storagesystem opts to obtain all data fragments (or a greater number of datafragments) as opposed to just the minimum number of fragments necessaryfor constructing the data object, as noted above.

Access to a storage device may not be limited to read operations only.Accordingly, FIG. 11 is an illustrative example of a process 1100 forplacing data object fragments into data storage in a manner that mayreduce the risk of data loss due to adverse surrounding conditions, inaccordance with at least one embodiment. Much like the process 900 notedabove, the process 1100 may include receiving 1102 a request to placeone or more data fragments of a parent data object into the data storagesystem.

Similar to the process 900 noted above, the process 1100 may includedetermining 1104 a location to store the first data fragment. Thisdetermination 1104 may be made using a placement engine, such asillustrated in FIG. 3. As noted above, the selection of the location ofthe first segment may be independent of any known hardware failure modeswithin the data storage system and may be independent of the placementof other data fragments with the same parent data object. However, theprocess 1100 may include subsequently obtaining 1106 the current stateof the environment surrounding the desired location for the datafragment. The evaluation of the surrounding environment may be conductedin a manner the utilizing techniques described above. Additionally, thecomputing resource service provider may update the rules incorporatedinto the placement engine based on the process 800 described above or oninformation received from a manufacturer of a data storage systemcomponent.

As in the process 1000, the process 1100 may include a determination1108 of whether the access to the storage device selected for the datafragment storage is permitted. This determination may be made using amethod as described above. If access to the selected storage device isnot permitted, the data storage system may proceed to determine 1104 thelocation of the next data fragment. Otherwise, the data storage systemmay seek to determine 1110 whether all the data fragments associatedwith the parent data object have been located and the environment isfavorable for storage of the data fragments. Once the data storagesystem has permission to access the storage devices identified to storeall the data fragments, the data storage system may place 1112 thesedata fragments in the respective storage devices.

As with all processes described herein, variations of the process 1100are considered as being within the scope of the present disclosure. Forinstance, the process 1100 may instead include determining a newlocation for a data fragment if the selected location is not permitteddue to an adverse condition in the environment. Thus, the data storagesystem may focus on one data fragment and refrain from moving on to thenext data fragment until a suitable location has been chosen. Anotherexample may be based on a more complex rule in the placement engine,such as one that would allow k of n data fragments to share the sameprobability of loss or corruption. Thus, the data storage system mayinclude ignoring the environment surrounding the selected location ofthe k data fragments. Once n-k fragments remain, the data storage systemwould begin evaluating the surrounding environment of these fragmentsand select an appropriate location in conformity with process 1100.

FIG. 12 illustrates aspects of an example environment 1200 forimplementing aspects in accordance with various embodiments. As will beappreciated, although a web-based environment is used for purposes ofexplanation, different environments may be used, as appropriate, toimplement various embodiments. The environment includes an electronicclient device 1202, which can include any appropriate device operable tosend and receive requests, messages or information over an appropriatenetwork 1204 and convey information back to a user of the device.Examples of such client devices include personal computers, cell phones,handheld messaging devices, laptop computers, tablet computers, set-topboxes, personal data assistants, embedded computer systems, electronicbook readers and the like. The network can include any appropriatenetwork, including an intranet, the Internet, a cellular network, alocal area network or any other such network or combination thereof.Components used for such a system can depend at least in part upon thetype of network and/or environment selected. Protocols and componentsfor communicating via such a network are well known and will not bediscussed herein in detail. Communication over the network can beenabled by wired or wireless connections and combinations thereof. Inthis example, the network includes the Internet, as the environmentincludes a web server 1206 for receiving requests and serving content inresponse thereto, although for other networks an alternative deviceserving a similar purpose could be used as would be apparent to one ofordinary skill in the art.

The illustrative environment includes at least one application server1208 and a data store 1210. It should be understood that there can beseveral application servers, layers or other elements, processes orcomponents, which may be chained or otherwise configured, which caninteract to perform tasks such as obtaining data from an appropriatedata store. Servers, as used herein, may be implemented in various ways,such as hardware devices or virtual computer systems. In some contexts,servers may refer to a programming module being executed on a computersystem. As used herein the term “data store” refers to any device orcombination of devices capable of storing, accessing and retrievingdata, which may include any combination and number of data servers,databases, data storage devices and data storage media, in any standard,distributed or clustered environment. The application server can includeany appropriate hardware and software for integrating with the datastore as needed to execute aspects of one or more applications for theclient device, handling some (even a majority) of the data access andbusiness logic for an application. The application server may provideaccess control services in cooperation with the data store and is ableto generate content such as text, graphics, audio and/or video to betransferred to the user, which may be served to the user by the webserver in the form of HyperText Markup Language (“HTML”), ExtensibleMarkup Language (“XML”) or another appropriate structured language inthis example. The handling of all requests and responses, as well as thedelivery of content between the client device 1202 and the applicationserver 1208, can be handled by the web server. It should be understoodthat the web and application servers are not required and are merelyexample components, as structured code discussed herein can be executedon any appropriate device or host machine as discussed elsewhere herein.Further, operations described herein as being performed by a singledevice may, unless otherwise clear from context, be performedcollectively by multiple devices, which may form a distributed system.

The data store 1210 can include several separate data tables, databasesor other data storage mechanisms and media for storing data relating toa particular aspect of the present disclosure. For example, the datastore illustrated may include mechanisms for storing production data1212 and user information 1216, which can be used to serve content forthe production side. The data store also is shown to include a mechanismfor storing log data 1214, which can be used for reporting, analysis orother such purposes. It should be understood that there can be manyother aspects that may need to be stored in the data store, such as forpage image information and to access right information, which can bestored in any of the above listed mechanisms as appropriate or inadditional mechanisms in the data store 1210. The data store 1210 isoperable, through logic associated therewith, to receive instructionsfrom the application server 1208 and obtain, update or otherwise processdata in response thereto. In one example, a user, through a deviceoperated by the user, might submit a search request for a certain typeof item. In this case, the data store might access the user informationto verify the identity of the user and can access the catalog detailinformation to obtain information about items of that type. Theinformation then can be returned to the user, such as in a resultslisting on a web page that the user is able to view via a browser on theuser device 1202. Information for a particular item of interest can beviewed in a dedicated page or window of the browser. It should be noted,however, that embodiments of the present disclosure are not necessarilylimited to the context of web pages, but may be more generallyapplicable to processing requests in general, where the requests are notnecessarily requests for content.

Each server typically will include an operating system that providesexecutable program instructions for the general administration andoperation of that server and typically will include a computer-readablestorage medium (e.g., a hard disk, random access memory, read onlymemory, etc.) storing instructions that, when executed by a processor ofthe server, allow the server to perform its intended functions. Suitableimplementations for the operating system and general functionality ofthe servers are known or commercially available and are readilyimplemented by persons having ordinary skill in the art, particularly inlight of the disclosure herein.

The environment in one embodiment is a distributed computing environmentutilizing several computer systems and components that areinterconnected via communication links, using one or more computernetworks or direct connections. However, it will be appreciated by thoseof ordinary skill in the art that such a system could operate equallywell in a system having fewer or a greater number of components than areillustrated in FIG. 12. Thus, the depiction of the system 1200 in FIG.12 should be taken as being illustrative in nature and not limiting tothe scope of the disclosure.

The various embodiments further can be implemented in a wide variety ofoperating environments, which in some cases can include one or more usercomputers, computing devices or processing devices which can be used tooperate any of a number of applications. User or client devices caninclude any of a number of general purpose personal computers, such asdesktop, laptop or tablet computers running a standard operating system,as well as cellular, wireless and handheld devices running mobilesoftware and capable of supporting a number of networking and messagingprotocols. Such a system also can include a number of workstationsrunning any of a variety of commercially-available operating systems andother known applications for purposes such as development and databasemanagement. These devices also can include other electronic devices,such as dummy terminals, thin-clients, gaming systems and other devicescapable of communicating via a network.

Various embodiments of the present disclosure utilize at least onenetwork that would be familiar to those skilled in the art forsupporting communications using any of a variety ofcommercially-available protocols, such as Transmission ControlProtocol/Internet Protocol (“TCP/IP”), protocols operating in variouslayers of the Open System Interconnection (“OSI”) model, File TransferProtocol (“FTP”), Universal Plug and Play (“UpnP”), Network File System(“NFS”), Common Internet File System (“CIFS”) and AppleTalk. The networkcan be, for example, a local area network, a wide-area network, avirtual private network, the Internet, an intranet, an extranet, apublic switched telephone network, an infrared network, a wirelessnetwork and any combination thereof.

In embodiments utilizing a web server, the web server can run any of avariety of server or mid-tier applications, including Hypertext TransferProtocol (“HTTP”) servers, FTP servers, Common Gateway Interface (“CGI”)servers, data servers, Java servers and business application servers.The server(s) also may be capable of executing programs or scripts inresponse requests from user devices, such as by executing one or moreweb applications that may be implemented as one or more scripts orprograms written in any programming language, such as Java®, C, C# orC++, or any scripting language, such as Perl, Python or TCL, as well ascombinations thereof. The server(s) may also include database servers,including without limitation those commercially available from Oracle®,Microsoft®, Sybase® and IBM®.

The environment can include a variety of data stores and other memoryand storage media as discussed above. These can reside in a variety oflocations, such as on a storage medium local to (and/or resident in) oneor more of the computers or remote from any or all of the computersacross the network. In a particular set of embodiments, the informationmay reside in a storage-area network (“SAN”) familiar to those skilledin the art. Similarly, any necessary files for performing the functionsattributed to the computers, servers or other network devices may bestored locally and/or remotely, as appropriate. Where a system includescomputerized devices, each such device can include hardware elementsthat may be electrically coupled via a bus, the elements including, forexample, at least one central processing unit (“CPU” or “processor”), atleast one input device (e.g., a mouse, keyboard, controller, touchscreen or keypad) and at least one output device (e.g., a displaydevice, printer or speaker). Such a system may also include one or morestorage devices, such as disk drives, optical storage devices andsolid-state storage devices such as random access memory (“RAM”) orread-only memory (“ROM”), as well as removable media devices, memorycards, flash cards, etc.

Such devices also can include a computer-readable storage media reader,a communications device (e.g., a modem, a network card (wireless orwired), an infrared communication device, etc.) and working memory asdescribed above. The computer-readable storage media reader can beconnected with, or configured to receive, a computer-readable storagemedium, representing remote, local, fixed and/or removable storagedevices as well as storage media for temporarily and/or more permanentlycontaining, storing, transmitting and retrieving computer-readableinformation. The system and various devices also typically will includea number of software applications, modules, services or other elementslocated within at least one working memory device, including anoperating system and application programs, such as a client applicationor web browser. It should be appreciated that alternate embodiments mayhave numerous variations from that described above. For example,customized hardware might also be used and/or particular elements mightbe implemented in hardware, software (including portable software, suchas applets) or both. Further, connection to other computing devices suchas network input/output devices may be employed.

Storage media and computer readable media for containing code, orportions of code, can include any appropriate media known or used in theart, including storage media and communication media, such as, but notlimited to, volatile and non-volatile, removable and non-removable mediaimplemented in any method or technology for storage and/or transmissionof information such as computer readable instructions, data structures,program modules or other data, including RAM, ROM, Electrically ErasableProgrammable Read-Only Memory (“EEPROM”), flash memory or other memorytechnology, Compact Disc Read-Only Memory (“CD-ROM”), digital versatiledisk (DVD) or other optical storage, magnetic cassettes, magnetic tape,magnetic disk storage or other magnetic storage devices or any othermedium which can be used to store the desired information and which canbe accessed by the system device. Based on the disclosure and teachingsprovided herein, a person of ordinary skill in the art will appreciateother ways and/or methods to implement the various embodiments.

The specification and drawings are, accordingly, to be regarded in anillustrative rather than a restrictive sense. It will, however, beevident that various modifications and changes may be made thereuntowithout departing from the broader spirit and scope of the invention asset forth in the claims.

Other variations are within the spirit of the present disclosure. Thus,while the disclosed techniques are susceptible to various modificationsand alternative constructions, certain illustrated embodiments thereofare shown in the drawings and have been described above in detail. Itshould be understood, however, that there is no intention to limit theinvention to the specific form or forms disclosed, but on the contrary,the intention is to cover all modifications, alternative constructionsand equivalents falling within the spirit and scope of the invention, asdefined in the appended claims.

The use of the terms “a” and “an” and “the” and similar referents in thecontext of describing the disclosed embodiments (especially in thecontext of the following claims) are to be construed to cover both thesingular and the plural, unless otherwise indicated herein or clearlycontradicted by context. The terms “comprising,” “having,” “including”and “containing” are to be construed as open-ended terms (i.e., meaning“including, but not limited to,”) unless otherwise noted. The term“connected,” when unmodified and referring to physical connections, isto be construed as partly or wholly contained within, attached to orjoined together, even if there is something intervening. Recitation ofranges of values herein are merely intended to serve as a shorthandmethod of referring individually to each separate value falling withinthe range, unless otherwise indicated herein and each separate value isincorporated into the specification as if it were individually recitedherein. The use of the term “set” (e.g., “a set of items”) or “subset”unless otherwise noted or contradicted by context, is to be construed asa nonempty collection comprising one or more members. Further, unlessotherwise noted or contradicted by context, the term “subset” of acorresponding set does not necessarily denote a proper subset of thecorresponding set, but the subset and the corresponding set may beequal.

Conjunctive language, such as phrases of the form “at least one of A, B,and C,” or “at least one of A, B and C,” unless specifically statedotherwise or otherwise clearly contradicted by context, is otherwiseunderstood with the context as used in general to present that an item,term, etc., may be either A or B or C, or any nonempty subset of the setof A and B and C. For instance, in the illustrative example of a sethaving three members used in the above conjunctive phrase, “at least oneof A, B, and C” and “at least one of A, B and C” refers to any of thefollowing sets: {A}, {B}, {C}, {A, B}, {A, C}, {B, C}, {A, B, C}. Thus,such conjunctive language is not generally intended to imply thatcertain embodiments require at least one of A, at least one of B and atleast one of C to each be present.

Operations of processes described herein can be performed in anysuitable order unless otherwise indicated herein or otherwise clearlycontradicted by context. Processes described herein (or variationsand/or combinations thereof) may be performed under the control of oneor more computer systems configured with executable instructions and maybe implemented as code (e.g., executable instructions, one or morecomputer programs or one or more applications) executing collectively onone or more processors, by hardware or combinations thereof. The codemay be stored on a computer-readable storage medium, for example, in theform of a computer program comprising a plurality of instructionsexecutable by one or more processors. The computer-readable storagemedium may be non-transitory.

The use of any and all examples, or exemplary language (e.g., “such as”)provided herein, is intended merely to better illuminate embodiments ofthe invention and does not pose a limitation on the scope of theinvention unless otherwise claimed. No language in the specificationshould be construed as indicating any non-claimed element as essentialto the practice of the invention.

Preferred embodiments of this disclosure are described herein, includingthe best mode known to the inventors for carrying out the invention.Variations of those preferred embodiments may become apparent to thoseof ordinary skill in the art upon reading the foregoing description. Theinventors expect skilled artisans to employ such variations asappropriate and the inventors intend for embodiments of the presentdisclosure to be practiced otherwise than as specifically describedherein. Accordingly, the scope of the present disclosure includes allmodifications and equivalents of the subject matter recited in theclaims appended hereto as permitted by applicable law. Moreover, anycombination of the above-described elements in all possible variationsthereof is encompassed by the scope of the present disclosure unlessotherwise indicated herein or otherwise clearly contradicted by context.

All references, including publications, patent applications and patents,cited herein are hereby incorporated by reference to the same extent asif each reference were individually and specifically indicated to beincorporated by reference and were set forth in its entirety herein.

What is claimed is:
 1. A computer-implemented method, comprising:storing a set of data fragments among a plurality of physical storagedevices distributed among a plurality of physical data storagelocations; in response to a request to retrieve a data object that wasused to generate the set of data fragments, determining a manner ofretrieving the data object based at least in part on a current activitystate of storage devices storing the set of data fragments and involvingreading fewer than all of the set of data fragments; and causingretrieval of the data object in accordance with the determined manner.2. The computer-implemented method of claim 1, further comprisingapplying a redundancy encoding scheme to a data object to generate theset of data fragments, the set of data fragments configured such that aproper subset of the set of data fragments is usable to construct thedata object.
 3. The computer-implemented method of claim 1, furthercomprising updating a set of data placement rules based on at least onehardware failure at a data storage system that includes at least one ofthe plurality of physical data storage locations to generate an updatedset of data placement rules, the updated set of data placement rulesdefining criteria for selecting separate storage locations for the datafragments to mitigate a risk of data loss of the set of data fragmentswhen hardware failure occurs at one or more selected storage locations.4. The computer-implemented method of claim 1, wherein storing theplurality of data fragments is based at least in part on a placement forplurality of data fragments that is based at least in part on an updatedset of data placement rules applied to physical characteristics of atleast a subset of a plurality of physical data storage devices, theplacement indicating a plurality of locations from the plurality ofphysical data storage devices that satisfy the updated set of dataplacement rules.
 5. The computer-implemented method of claim 4, whereindetermining the placement comprises determining a location for a firstdata fragment based on the updated set of data placement rules, anditeratively determining a location for remaining data fragments of theplurality of data fragments based on the set of updated data placementrules and based on a determined location for each previously locateddata fragment.
 6. The computer-implemented method of claim 4, whereinthe set of data placement rules are configured to satisfy one or moreconditions for physical location heterogeneity when the set of dataplacement rules are satisfied.
 7. The computer-implemented method ofclaim 4, wherein the placement for the data fragments is determined byselecting the placement from a plurality of placements predetermined tosatisfy the updated data placement rules prior to receiving a dataobject for storage.
 8. The computer-implemented method of claim 1,further comprising receiving a data object to be stored in a datastorage system, the data storage system comprising the plurality ofphysical data storage locations, each location of the plurality ofphysical data storage locations having a plurality of physicalcharacteristics.
 9. A computer-implemented method comprising: receivinga request to retrieve a data object; selecting a physical storage devicebased at least in part on a current activity state of the physicalstorage device, the physical storage device storing a fragment of thedata object; reconstructing the data object based at least in part onthe fragment and a set of other fragments, the set of other fragmentsstored among a set of other physical storage devices; and providing aresponse to the request based at least in part on the data object. 10.The computer-implemented method of claim 9, further comprising causingthe fragments to be stored according to a determined placement includingdelaying storage of each data fragment until storage devices adjacent toa selected storage location are idle.
 11. The computer-implementedmethod of claim 9, further comprising generating the fragments using aredundancy encoding scheme.
 12. The computer-implemented method of claim9, wherein the fragments are stored based at least in part on an updatedset of data placement rules, and wherein the updated set of dataplacement rules is updated based on at least one hardware failure at adata storage system that includes the set of physical storage devicesand defining criteria for selecting separate locations for datafragments to mitigate a risk of data loss of the data fragments whenhardware failure occurs at one or more selected locations.
 13. Thecomputer-implemented method of claim 9, wherein a collective size of thefragments is greater than a size of received data used to generate thefragments and each of the fragments has an individual size less than thesize of the received data.
 14. A system, comprising: memory includinginstructions that, when executed by one or more processors, cause thesystem to: store a set of fragments of data among a plurality ofphysical storage devices distributed among a plurality of physicallocations based at least in part on an updated set of data placementrules; in response to a request to retrieve the data, determining amanner of retrieving the data based at least in part on a currentactivity state of storage devices storing the data fragments andinvolving reading fewer than all of the data fragments; and causeretrieval of the data in accordance with the determined manner.
 15. Thesystem of claim 14, wherein storing the set fragments of data comprises:determining a location for a first data fragment based on the updatedset of data placement rules, and determining a location for remainingdata fragments of the set of data fragments based on the updated set ofdata placement rules and based on a determined location for eachpreviously located data fragment.
 16. The system of claim 14, whereinthe set of fragments of data are configured such that a proper subset ofthe fragments is usable to construct a set of data for recovery.
 17. Thesystem of claim 14, wherein the updated set of data placement rules areupdated based on at least one hardware failure at one or more of thephysical locations and defining criteria for selecting separatelocations for the set of fragments of data to mitigate a risk of dataloss of the set of data fragments when hardware failure occurs at one ormore of the selected locations.
 18. The system of claim 14, wherein thesystem operates in support of a data storage service provided by acomputing resource service provider to a plurality of customers; and thefragments of data contain data of a customer of the computing resourceservice provider for storage in the system.
 19. The system of claim 14,wherein: the fragments of data are generated by applying a redundancyencoding engine to data; and the fragments individually contain anamount of data that is less than a size of the data but collectivelycontain an amount of data that is greater than the size of the data. 20.The system of claim 14, wherein the fragments are stored based at leastin part on physical characteristics of the plurality of physical storagedevices, the physical characteristics include one or more physicalcharacteristics selected from a group consisting of: a location within amultiple storage device unit and a location within a data storage rack.